author | Michal Klocek <michal.klocek@qt.io> | 2018-06-05 12:46:38 +0200 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2018-06-05 14:13:28 +0000 |
commit | 606fc8cdf8a57451a3979bacd6fbfeb6ca21837f (patch) | |
tree | 62011e12bde29d56398e31dc3b60ece58de06d47 | |
parent | c1daae1d02178800e8095d99fc30bfcb7f720927 (diff) |
[Backport] CVE-2018-6130
Reland "Check that iterator is valid before dereferencing in RtpFrameReferenceFinder."
This reverts commit 1998d56bf17b598fba506cd602a6b0dcc1f663a5.
Reason for revert: Creating fix for previously broken CL.
Bug: chromium:838402
Reviewed-on: https://webrtc-review.googlesource.com/76480
Change-Id: I682b3c30dc45c3bbec3b58bb419c46ac79fa71ce
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc b/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc index dce35549d61..b2511351f5f 100644 --- a/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc +++ b/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc @@ -461,8 +461,12 @@ RtpFrameReferenceFinder::FrameDecision RtpFrameReferenceFinder::ManageFrameVp9( RTC_LOG(LS_WARNING) << "Received keyframe without scalability structure"; frame->num_references = 0; - GofInfo info = gof_info_.find(codec_header.tl0_pic_idx)->second; - FrameReceivedVp9(frame->picture_id, &info); + auto gof_info_it = gof_info_.find(codec_header.tl0_pic_idx); + if (gof_info_it == gof_info_.end()) + return kDrop; + + FrameReceivedVp9(frame->picture_id, &gof_info_it->second); + UnwrapPictureIds(frame); return kHandOff; } |
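Review bot: the `FrameReceivedVp9(frame->picture_id, &gof_info_it->second);` line changes more than the `end()` check the commit title describes. The old code passed the address of a local `GofInfo info` copy, while the new code passes a pointer to the element stored in `gof_info_`, so if `FrameReceivedVp9` writes through that pointer it now modifies the map entry instead of a temporary. The hunk also adds a call to `UnwrapPictureIds(frame);` before `return kHandOff;`, which the message does not mention. Both look like part of the fix for the previously broken CL, but a short comment at each site (or a line in the commit message) stating that they are intentional would help anyone auditing this backport. The diffstat lists only this one file, so no test covering a keyframe whose `tl0_pic_idx` is absent from `gof_info_` comes with the change; a regression test for the new `return kDrop;` path would be worth adding.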